Trojan.HTML.Zlob.AA

HIGH
HIGH
approx. 10 KB

Symptoms

Messages shown by the browser when the user tries to access a video file:
  1. "Video ActiveX Object Error: Your browser cannot display this video file."
  2. "You need to download new version of Video ActiveX Object to play this video file. "
  3. "To download and install ActiveX Object click Continue."

The message box has the title "Message box object error" and offers the user three buttons, but only one is enabled. "Amazingly", only the "Continue" button is enabled, and it downloads an installer named "MediaTubeCodec_ver1.1107.7.exe" (the name may vary) for the known malware Trojan.Zlob.

The most common means of spreading for this malware is through an "unavailable codec/ActiveX component" message, shown when a user tries to watch a certain video, usually with adult content.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

This malware is part of a chain of adult video web pages that trick the user into downloading a codec or ActiveX component that supposedly helps with viewing the content of a video file, but in fact installs known adware and fake security solutions.
It gives the illusion of an online video database for adult media files, similar to YouTube. In reality it shows only a picture as a preview of a movie and urges the user to download and install a video codec or "ActiveX object/component" in order to watch the movie. This is how the message looks in Internet Explorer:

It has the following behavior:

  • Gives these messages to convince the user to install the malware:
  1. "Video ActiveX Object Error: Your browser cannot display this video file."
  2. "You need to download new version of Video ActiveX Object to play this video file. "
  3. "To download and install ActiveX Object click Continue."

  • It then offers a download to install on the computer. Usually this is "ActiveX" or "video codecs" related.
  • The links that host the download change rapidly and usually contain a reference to codecs: VideoAccessCodec, VideoSoftOnline, CodecPro, SexyCodecAdult, VipCodecVip, IXCodec, MoonCodec, or to video enhancers: VideoAdaptation, SoftWebVideo.
  • This version of the malware has its files stored on this website: sexicodecadult-w.com
  • When the "codec" is installed, the user receives this error: "Cannot install VideoAccessCodec application, Error 118: Windows components conflict. Try to reinstall operating system and try again.". After this, the infection goes on without the user's knowledge or consent.

The malware has an entire distribution network that uses the method described. Here are two of the sites that carry out this kind of activity: hot-pornotube2008.com, porn-youtube-8.com.
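
The behavior above can be turned into a simple web-proxy triage rule. The following is an added example, not part of the original description: it flags executable downloads that carry one of the names listed above or that follow a page showing the lure messages. The function names, the two-message threshold and the sample hosts are assumptions.

```python
import re
from urllib.parse import urlparse

# Lure text quoted in this description, lower-cased for matching.
LURE_PHRASES = (
    "video activex object error",
    "download new version of video activex object",
    "to download and install activex object click continue",
)
# Names listed above for download links, plus the cited installer name.
# These rotate quickly: a hit is a signal, a miss proves nothing.
FAMILY_NAMES = (
    "videoaccesscodec", "videosoftonline", "codecpro", "sexycodecadult",
    "vipcodecvip", "ixcodec", "mooncodec", "videoadaptation", "softwebvideo",
    "mediatubecodec",
)

def lure_hits(html: str) -> int:
    """Count how many of the three lure messages appear in a page body."""
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).lower()
    return sum(phrase in text for phrase in LURE_PHRASES)

def codec_exe(url: str) -> bool:
    """True if the URL fetches an .exe whose host or path carries a listed name."""
    parts = urlparse(url)
    if not parts.path.lower().endswith(".exe"):
        return False
    squashed = re.sub(r"[^a-z0-9]", "", (parts.netloc + parts.path).lower())
    return any(name in squashed for name in FAMILY_NAMES)

def triage(session):
    """Return URLs to alert on, given ordered (url, body) pairs from one client."""
    alerts, lure_seen = [], False
    for url, body in session:
        # Assumed threshold: two or more lure messages mark the session.
        lure_seen = lure_seen or lure_hits(body) >= 2
        is_exe = urlparse(url).path.lower().endswith(".exe")
        if codec_exe(url) or (is_exe and lure_seen):
            alerts.append(url)
    return alerts

# Constructed sample session; hosts are placeholders, not taken from this page.
SAMPLE = [
    ("http://video.example/watch?id=7",
     "<b>Video ActiveX Object Error:</b> Your browser cannot display this video file. "
     "To download and install ActiveX Object click Continue."),
    ("http://dl.example/get/setup_1107.exe", ""),
    ("http://cdn.example/MediaTubeCodec_ver1.1107.7.exe", ""),
    ("http://vendor.example/docs/manual.pdf", ""),
]
```

Because the download names change rapidly, the name list alone will miss new variants; the session rule (lure page followed by any .exe fetch) is the part that survives a rename.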